Difference between revisions of "Web deployment policies"

From Jon's Wiki
(Created page with "* Website code should not be able to write to itself * Use https wherever possible * Use salted good hashes for passwords")
(2 intermediate revisions by the same user not shown)
Latest revision as of 03:15, 25 March 2016

  • Server code should not be able to write to itself
    • one user for the webserver (FastCGI?) to run as, one for deployment
    • data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>)
  • config should live under /etc/, not in the docroot/code
  • Use SSL/TLS wherever possible
  • Use good salted hashes for passwords